Route Origin Authorization

$ rpki-client -vvf rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab4207a9-6bfe-48f8-9c57-11c598dea35d.roa
File:                     ab4207a9-6bfe-48f8-9c57-11c598dea35d.roa (raw, json)
Hash identifier:          AQ7xurvk1qdoVnNz7JPkDnHZL0Lcst9UK4iyExEnya0=
Subject key identifier:   85:7F:5E:91:90:B7:48:D0:C2:0C:E8:83:A5:B4:9B:D2:62:B1:E5:85
Certificate issuer:       /CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
Certificate serial:       048138510F3FE85368DB8FA3E8F8393475703EE3
Authority key identifier: 10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE
Authority info access:    rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer
Subject info access:      rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab4207a9-6bfe-48f8-9c57-11c598dea35d.roa
Signing time:             Mon 13 Jan 2025 00:00:00 +0000
ROA not before:           Mon 13 Jan 2025 00:00:00 +0000
ROA not after:            Mon 17 Feb 2025 23:59:59 +0000
asID:                     16509
IP address blocks:        204.236.224.0/20 maxlen: 20
Validation:               Failed, unable to get local issuer certificate

Certificate:
    Data:
        Version: 3 (0x2)
        Serial Number:
            04:81:38:51:0f:3f:e8:53:68:db:8f:a3:e8:f8:39:34:75:70:3e:e3
    Signature Algorithm: sha256WithRSAEncryption
        Issuer: CN=6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7
        Validity
            Not Before: Jan 13 00:00:00 2025 GMT
            Not After : Feb 17 23:59:59 2025 GMT
        Subject: serialNumber=59ee1d9965fb7e189bb618162d3e48b5d0e1580d75808d7990e9424288a686fb, CN=b25c970f-d813-445c-bfe2-62668518c87e
        Subject Public Key Info:
            Public Key Algorithm: rsaEncryption
                RSA Public-Key: (2048 bit)
                Modulus:
                    00:c8:16:57:42:87:e7:e3:17:07:37:e3:d2:9f:83:
                    16:91:d8:59:54:d6:7b:0e:b5:f1:39:37:e1:a1:8c:
                    06:d3:ff:e1:af:3f:d2:a1:b7:72:cd:68:60:00:0b:
                    7b:8a:08:6f:6a:ad:b3:df:c9:8b:0b:05:3d:b4:b2:
                    b4:0b:7c:11:00:71:a1:3f:15:5a:38:79:32:78:c8:
                    4d:72:3e:a0:a5:6b:be:55:2a:71:0e:94:b4:3f:16:
                    cf:79:ef:72:63:d6:b4:e0:8a:70:4c:e9:97:69:71:
                    7d:7a:57:57:20:01:8e:e6:70:47:61:b5:99:99:f2:
                    58:11:2f:f3:b8:03:8d:52:6c:95:6e:79:02:47:28:
                    e3:a2:60:c3:72:32:3c:3d:96:47:4c:2f:ff:50:b4:
                    3e:e5:80:60:f2:3c:72:2b:3f:06:35:4f:a0:37:1d:
                    ca:db:e8:41:cc:bc:0c:e5:f0:56:85:f8:6a:a0:89:
                    7c:85:b6:f1:cd:01:a8:6e:3a:5a:bc:69:16:33:1b:
                    d0:f1:cc:f5:38:3d:5c:d5:ee:41:ee:72:6a:df:f0:
                    42:3d:e2:d8:84:22:2b:3e:c9:0a:fe:50:d5:35:09:
                    7e:07:20:9a:f5:b9:3a:1e:39:3e:99:da:39:c7:4c:
                    d5:d1:4a:60:08:d9:f4:e9:cf:84:ac:01:85:5e:d0:
                    62:c3
                Exponent: 65537 (0x10001)
        X509v3 extensions:
            X509v3 Subject Key Identifier:
                85:7F:5E:91:90:B7:48:D0:C2:0C:E8:83:A5:B4:9B:D2:62:B1:E5:85
            X509v3 Authority Key Identifier:
                keyid:10:5D:D7:8D:55:78:40:AB:43:5D:BD:15:21:20:8F:29:FA:49:3F:AE

            X509v3 Key Usage: critical
                Digital Signature
            Authority Information Access:
                CA Issuers - URI:rsync://rpki.arin.net/repository/arin-rpki-ta/5e4a23ea-e80a-403e-b08c-2171da2157d3/2a246947-2d62-4a6c-ba05-87187f0099b2/1ba302b8-8dab-491d-b9ed-d7c92d030d82/6ed88cad11feac77449f018d42be358eb37107dbe8cb71d0a7.cer

            Subject Information Access:
                Signed Object - URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/ab4207a9-6bfe-48f8-9c57-11c598dea35d.roa

            X509v3 CRL Distribution Points:

                Full Name:
                  URI:rsync://rpki-rsync.us-east-2.amazonaws.com/volume/20aa329b-fc52-4c61-bf53-09725c042942/_qx3RJ8BjUK-NY6zcQfb6Mtx0Kc.crl

            X509v3 Certificate Policies: critical
                Policy: ipAddr-asNumber

            sbgp-ipAddrBlock: critical
                IPv4:
                  204.236.224.0/20

    Signature Algorithm: sha256WithRSAEncryption
         8e:8f:63:ee:ca:b1:88:6d:48:0c:57:99:18:9e:d8:b9:65:72:
         0c:12:5c:6a:d4:3b:60:c3:aa:84:02:93:19:18:62:bb:c8:11:
         75:e3:24:b3:be:6e:14:1f:31:1c:d2:36:ad:e8:ac:f0:d9:d9:
         59:21:9d:c7:67:fe:28:56:5a:5a:d2:de:15:5c:89:7e:c7:2e:
         d2:52:54:9d:72:24:f4:58:e0:29:12:3b:7f:9d:d7:61:53:31:
         af:07:97:8a:32:bd:4a:08:f2:80:af:9e:38:19:15:df:25:15:
         64:20:2c:e1:ed:5d:26:16:93:17:12:53:af:7e:ee:09:40:81:
         1c:b2:ce:cb:78:8e:f8:c7:e3:fc:6e:50:c3:16:c8:fe:2a:c7:
         b8:15:82:c8:df:9b:ec:7c:29:5a:22:3b:32:8d:bc:d1:1e:42:
         c9:fe:a5:35:09:eb:28:13:58:04:28:76:18:f4:d3:9f:fc:d4:
         3c:92:44:99:fb:ec:a6:7a:c6:15:4a:68:86:38:e8:1b:1b:62:
         87:fe:f3:2e:0c:17:03:e9:02:7e:53:21:b1:8c:28:81:6d:c3:
         f9:3a:04:a1:15:a7:06:a4:d2:86:62:3e:ae:ae:77:c9:1b:9f:
         00:b5:c8:e9:dc:2b:a4:98:11:55:4f:d0:bb:f2:79:e3:a5:f0:
         65:66:74:b5
-----BEGIN CERTIFICATE-----
MIIF+DCCBOCgAwIBAgIUBIE4UQ8/6FNo24+j6Pg5NHVwPuMwDQYJKoZIhvcNAQEL
BQAwPTE7MDkGA1UEAxMyNmVkODhjYWQxMWZlYWM3NzQ0OWYwMThkNDJiZTM1OGVi
MzcxMDdkYmU4Y2I3MWQwYTcwHhcNMjUwMTEzMDAwMDAwWhcNMjUwMjE3MjM1OTU5
WjB6MUkwRwYDVQQFE0A1OWVlMWQ5OTY1ZmI3ZTE4OWJiNjE4MTYyZDNlNDhiNWQw
ZTE1ODBkNzU4MDhkNzk5MGU5NDI0Mjg4YTY4NmZiMS0wKwYDVQQDEyRiMjVjOTcw
Zi1kODEzLTQ0NWMtYmZlMi02MjY2ODUxOGM4N2UwggEiMA0GCSqGSIb3DQEBAQUA
A4IBDwAwggEKAoIBAQDIFldCh+fjFwc349KfgxaR2FlU1nsOtfE5N+GhjAbT/+Gv
P9Kht3LNaGAAC3uKCG9qrbPfyYsLBT20srQLfBEAcaE/FVo4eTJ4yE1yPqCla75V
KnEOlLQ/Fs9573Jj1rTginBM6ZdpcX16V1cgAY7mcEdhtZmZ8lgRL/O4A41SbJVu
eQJHKOOiYMNyMjw9lkdML/9QtD7lgGDyPHIrPwY1T6A3Hcrb6EHMvAzl8FaF+Gqg
iXyFtvHNAahuOlq8aRYzG9DxzPU4PVzV7kHucmrf8EI94tiEIis+yQr+UNU1CX4H
IJr1uToeOT6Z2jnHTNXRSmAI2fTpz4SsAYVe0GLDAgMBAAGjggKxMIICrTAdBgNV
HQ4EFgQUhX9ekZC3SNDCDOiDpbSb0mKx5YUwHwYDVR0jBBgwFoAUEF3XjVV4QKtD
Xb0VISCPKfpJP64wDgYDVR0PAQH/BAQDAgeAMIHzBggrBgEFBQcBAQSB5jCB4zCB
4AYIKwYBBQUHMAKGgdNyc3luYzovL3Jwa2kuYXJpbi5uZXQvcmVwb3NpdG9yeS9h
cmluLXJwa2ktdGEvNWU0YTIzZWEtZTgwYS00MDNlLWIwOGMtMjE3MWRhMjE1N2Qz
LzJhMjQ2OTQ3LTJkNjItNGE2Yy1iYTA1LTg3MTg3ZjAwOTliMi8xYmEzMDJiOC04
ZGFiLTQ5MWQtYjllZC1kN2M5MmQwMzBkODIvNmVkODhjYWQxMWZlYWM3NzQ0OWYw
MThkNDJiZTM1OGViMzcxMDdkYmU4Y2I3MWQwYTcuY2VyMIGeBggrBgEFBQcBCwSB
kTCBjjCBiwYIKwYBBQUHMAuGf3JzeW5jOi8vcnBraS1yc3luYy51cy1lYXN0LTIu
YW1hem9uYXdzLmNvbS92b2x1bWUvMjBhYTMyOWItZmM1Mi00YzYxLWJmNTMtMDk3
MjVjMDQyOTQyL2FiNDIwN2E5LTZiZmUtNDhmOC05YzU3LTExYzU5OGRlYTM1ZC5y
b2EwgYgGA1UdHwSBgDB+MHygeqB4hnZyc3luYzovL3Jwa2ktcnN5bmMudXMtZWFz
dC0yLmFtYXpvbmF3cy5jb20vdm9sdW1lLzIwYWEzMjliLWZjNTItNGM2MS1iZjUz
LTA5NzI1YzA0Mjk0Mi9fcXgzUko4QmpVSy1OWTZ6Y1FmYjZNdHgwS2MuY3JsMBgG
A1UdIAEB/wQOMAwwCgYIKwYBBQUHDgIwHwYIKwYBBQUHAQcBAf8EEDAOMAwEAgAB
MAYDBATM7OAwDQYJKoZIhvcNAQELBQADggEBAI6PY+7KsYhtSAxXmRie2LllcgwS
XGrUO2DDqoQCkxkYYrvIEXXjJLO+bhQfMRzSNq3orPDZ2Vkhncdn/ihWWlrS3hVc
iX7HLtJSVJ1yJPRY4CkSO3+d12FTMa8Hl4oyvUoI8oCvnjgZFd8lFWQgLOHtXSYW
kxcSU69+7glAgRyyzst4jvjH4/xuUMMWyP4qx7gVgsjfm+x8KVoiOzKNvNEeQsn+
pTUJ6ygTWAQodhj005/81DySRJn77KZ6xhVKaIY46BsbYof+8y4MFwPpAn5TIbGM
KIFtw/k6BKEVpwak0oZiPq6ud8kbnwC1yOncK6SYEVVP0LvyeeOl8GVmdLU=
-----END CERTIFICATE-----